refactor templating
Some checks failed
continuous-integration/drone/push Build is failing

Robert Kaussow 2019-07-17 23:32:11 +02:00
parent ff5108218e
commit ad0b3304c4
4 changed files with 110 additions and 52 deletions


@ -91,6 +91,39 @@ nginx_xxxsp_parameters:
nginx_vhosts_dir: /var/www/vhosts nginx_vhosts_dir: /var/www/vhosts
nginx_default_page_enabled: False nginx_vhosts_default:
- file: default
server:
- port: 80
server_name: "{{ ansible_hostname }}"
locations:
- match: /
root: /var/www/vhosts/default
index: index.html
# nginx_vhosts_default:
# - file: default
# upstream:
# name: my_pool
# servers: []
# servers:
# - port: 80
# server_name: demo.example.com
# tls_redirect: False # skips locations if enabled
# tls_redirect_url:
# tls:
# cert: /etc/pki/tls/..
# key: /etc/pki/tls/..
# dhparam:
# client_max_body_size:
# locations:
# - match: /
# root: /var/www/vhosts/default
# index: index.html
# proxy_pass:
# proxy_headers: []
# error_page: /usr/share/nginx/html
nginx_vhosts_extra: []
nginx_server_names_hash_bucket_size: 32 nginx_server_names_hash_bucket_size: 32
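Review bot: The new `nginx_vhosts_default` entry uses the key `server:`, while the commented reference below it and the vhost template added in this commit (`{% for server in item.servers %}`) both use `servers:`, so the default vhost has no list for the template to iterate; rename the key to `servers:`. The entry also carries no `state` key although the "Enable vhosts" task evaluates `item.state == 'enabled'`; add `state: enabled` here or default it in the task. `nginx_default_page_enabled` appears to be dropped from the defaults in this hunk while the task block is still gated on `when: nginx_default_page_enabled | bool`, so confirm it is still defined somewhere. The removed default template redirected port 80 to HTTPS when `nginx_tls_enabled` was set, whereas this default is plain HTTP with no `tls` or `tls_redirect`; if that is intended, a comment above the variable should say so.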


@ -85,7 +85,7 @@
- name: Set selinux booleans - name: Set selinux booleans
seboolean: seboolean:
name: "{{ item.name }}" name: "{{ item.file }}"
state: "{{ item.state }}" state: "{{ item.state }}"
persistent: "{{ item.persistent }}" persistent: "{{ item.persistent }}"
loop: "{{ nginx_set_sebooleans }}" loop: "{{ nginx_set_sebooleans }}"
@ -118,20 +118,28 @@
- block: - block:
- name: Add default page configuration file - name: Add default page configuration file
template: template:
src: etc/nginx/sites-available/default.j2 src: etc/nginx/sites-available/vhost.j2
dest: /etc/nginx/sites-available/default dest: "/etc/nginx/sites-available/{{ item.file }}"
owner: root owner: root
group: root group: root
mode: 0640 mode: 0640
loop:
- nginx_vhosts_default
- nginx_vhosts_extra
loop_control:
label: "{{ item.file }}"
notify: __nginx_reload notify: __nginx_reload
- name: Enable default page - name: Enable vhosts
file: file:
src: /etc/nginx/sites-available/default src: "/etc/nginx/sites-available/{{ item.file }}"
dest: /etc/nginx/sites-enabled/default dest: "/etc/nginx/sites-enabled/{{ item.file }}"
owner: root state: "{{ 'link' when item.state == 'enabled' else 'absent' }}"
group: root loop:
state: link - nginx_vhosts_default
- nginx_vhosts_extra
loop_control:
label: "{{ item.file }}"
notify: __nginx_reload notify: __nginx_reload
when: nginx_default_page_enabled | bool when: nginx_default_page_enabled | bool
become: True become: True
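Review bot: Both new `loop:` lists hold the literal strings `nginx_vhosts_default` and `nginx_vhosts_extra` rather than the variables' contents, so `item` is a plain string and `item.file` is undefined in `src`, `dest` and the `label`; use `loop: "{{ nginx_vhosts_default + nginx_vhosts_extra }}"` in both tasks. In the "Enable vhosts" task, `'link' when … else 'absent'` is not valid Jinja2; the inline conditional is `{{ 'link' if item.state | default('enabled') == 'enabled' else 'absent' }}`. In the first hunk of this file, `name: "{{ item.file }}"` on the seboolean task looks like an unintended rename: `nginx_set_sebooleans` is not visible here, but the task previously read `item.name`, and if its entries have no `file` key the SELinux booleans will not be applied. Because `item.file` now becomes part of paths written as root under `/etc/nginx/`, an `assert` that it contains no `/` would stop a mistyped inventory value from landing outside `sites-available`.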


@ -1,42 +0,0 @@
#jinja2: lstrip_blocks: True
# {{ ansible_managed }}
server {
listen 80;
server_name {{ ansible_fqdn }};
{% if nginx_tls_enabled %}
return 301 https://$server_name$request_uri;
{% else %}
location / {
root /var/www/vhosts/default;
index index.html index.htm;
}
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
{% endif %}
}
{% if nginx_tls_enabled %}
server {
listen 443 ssl;
server_name {{ ansible_fqdn }};
location / {
root /var/www/vhosts/default;
index index.html index.htm;
}
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
ssl_certificate /etc/pki/tls/certs/{{ nginx_tls_cert_file }};
ssl_certificate_key /etc/pki/tls/private/{{ nginx_tls_key_file }};
}
{% endif %}


@ -0,0 +1,59 @@
#jinja2: lstrip_blocks: True
{{ ansible_managed | comment }}
{% if item.upstream is defined and item.upstream %}
upstream {{ item.upstream.name }} {
{% for upserver in item.upstream.servers %}
server {{ upserver }};
{% endfor %}
}
{% endif %}
{% for server in item.servers %}
server {
listen {{ server.port }} {{ 'ssl' if server.tls is defined and server.tls else '' }};
server_name {{ server.server_name }};
{% if server.tls is defined and server.tls %}
ssl_certificate {{ server.tls.cert }};
ssl_certificate_key {{ server.tls.key }};
{% if server.tls.dhparam is defined %}
ssl_dhparam {{ item.value.ssl.dhparam }};
{% endif %}
{% endif %}
{% if server.tls_redirect | default(False) %}
return 301 https://{% if server.tls_redirect_url is defined %}{{ server.tls_redirect_url }}{% else %}$server_name{% endif %}$request_uri;
{% else %}
{% if server.client_max_body_size is defined and server.client_max_body_size %}
client_max_body_size {{ server.client_max_body_size }};
{% endif %}
{% for location in server.locations %}
location {{ location.match }}
{% if location.root is defined and location.root %}
root {{ location.root }};
{% endif %}
{% if location.index is defined and location.index %}
index {{ location.index }};
{% endif %}
{% if location.proxy_pass is defined and location.proxy_pass %}
proxy_pass {{ location.proxy_pass }}
{% if location.proxy_http_version is defined and location.proxy_http_version %}
proxy_http_version {{ location.proxy_http_version }};
{% endif %}
{% for pheader in location.proxy_headers | default([]) %}
proxy_set_header {{ pheader }};
{% endfor %}
{% endif %}
}
{% endfor %}
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root {{ item.error_page | default("/usr/share/nginx/html") }};
}
{% endif %}
}
{% endfor %}
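Review bot: Inside the `server.tls.dhparam` guard the directive renders `{{ item.value.ssl.dhparam }}`, which matches neither the guard nor the structure documented in the defaults, so setting `dhparam` would presumably fail the template instead of configuring custom DH parameters; it should read `ssl_dhparam {{ server.tls.dhparam }};`. Two lines also emit invalid nginx syntax: `location {{ location.match }}` lacks its opening brace (`location {{ location.match }} {`) and `proxy_pass {{ location.proxy_pass }}` lacks the terminating `;`. Every value is interpolated into the configuration unescaped, so a header comment stating that the vhost variables must come from trusted inventory would help. A `nginx -t` check before the reload handler fires would catch syntax errors like these before they reach a running server.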